Пример #1
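    def get_search_results(id, page):
        """Return one page of the searches that match the search ``id``.

        Responses, in the order the checks run:

        * "not authorized" when there is no requesting user;
        * "bad request" when ``is_integer(id)`` fails or ``page`` cannot be
          converted to an int;
        * "not found" when no ``Search`` row has that id;
        * "forbidden" when the requester has no admin rights on the search;
        * otherwise a JSON body ``{'data': [...]}`` with the serialized matches.
        """
        requester = get_requesting_user()
        # Authenticate before looking at any request parameter, so an anonymous
        # caller gets the same answer whatever values it sends.
        if requester is None:
            return base_routes.make_not_authorized_response()
        if not is_integer(id):
            return base_routes.make_bad_request_response()
        try:
            page = int(page)
        except (TypeError, ValueError):
            # A malformed page number is a client error; without this guard the
            # conversion raised before any response had been chosen.
            return base_routes.make_bad_request_response()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            return base_routes.make_not_found_response()
        # NOTE(review): "not found" and "forbidden" are distinct answers, so any
        # authenticated caller can tell which search ids exist - confirm that
        # this is acceptable for this resource.
        if not search.has_admin_rights(requester):
            return base_routes.make_forbidden_response()

        matching_searches = search_utils.find_matching_searches(search, page)
        # Use a separate loop name so the search that passed the rights check
        # is never confused with the matches being serialized.
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return jsonify({'data': serialized})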
Пример #2
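    def get_search_results(id, page):
        """Serve a page of searches matching the stored search ``id``.

        A missing requester yields "not authorized"; a ``page`` that is not
        convertible to int, or an ``id`` rejected by ``is_integer``, yields
        "bad request"; an unknown id yields "not found"; a requester without
        admin rights on the search yields "forbidden". On success the JSON
        body is ``{'data': [...]}`` holding each match serialized for the
        requester.
        """
        requester = get_requesting_user()
        if requester is None:
            # Reject anonymous callers first: request parameters are only
            # parsed for an authenticated user.
            return base_routes.make_not_authorized_response()
        try:
            page = int(page)
        except (TypeError, ValueError):
            # Previously this conversion ran unguarded at the top of the
            # function, so a non-numeric page raised instead of producing a
            # client-error response.
            return base_routes.make_bad_request_response()

        if not is_integer(id):
            response = base_routes.make_bad_request_response()
        else:
            search = store.session.query(Search).filter_by(id=id).first()
            if search is None:
                response = base_routes.make_not_found_response()
            elif not search.has_admin_rights(requester):
                # NOTE(review): differs from the "not found" answer above, which
                # lets an authenticated caller probe which ids exist - confirm.
                response = base_routes.make_forbidden_response()
            else:
                matching_searches = search_utils.find_matching_searches(
                    search, page)
                # The loop variable is deliberately not called ``search``.
                serialized = [
                    found.serialize(requester, exclude=[])
                    for found in matching_searches
                ]
                response = jsonify({'data': serialized})
        return response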
Пример #3
 def request_reset_password(email):
     """Start the password-reset flow for the user registered under ``email``.

     Returns a "not found" response when no user has that email, a
     server-error response carrying the message reported by
     ``mail_actions.request_password_reset`` when that call returns one, and
     an OK response otherwise.
     """
     # NOTE(review): no requester check is visible in this function, and the
     # answer differs between a known and an unknown address (OK vs not
     # found), so the response discloses whether an account exists. Confirm
     # whether a uniform response is wanted here.
     # NOTE(review): the lookup does not filter on account state; confirm
     # whether deactivated users should be able to trigger a reset.
     account = store.session.query(User).filter_by(email=email).first()
     if account is None:
         return base_routes.make_not_found_response()

     failure = mail_actions.request_password_reset(account)
     if failure:
         # NOTE(review): the mailer's message is handed to the response
         # builder as-is; check that it holds nothing internal.
         return base_routes.make_server_error_response(failure)
     return base_routes.make_OK_response()
Пример #4
 def request_reset_password(email):
     """Request a password reset for the active user with the given email.

     Only rows with ``active=True`` are considered. The result is a "not
     found" response when no such user exists, a server-error response built
     from the message returned by ``mail_actions.request_password_reset``
     when it reports one, and an OK response when the request went through.
     """
     # NOTE(review): an unknown (or inactive) address is answered with "not
     # found" while a known one is answered with OK, and no requester check is
     # visible here - the endpoint therefore reveals which addresses have an
     # active account. Confirm whether that is intended.
     lookup = store.session.query(User).filter_by(email=email, active=True)
     user = lookup.first()
     if user is None:
         return base_routes.make_not_found_response()

     error_message = mail_actions.request_password_reset(user)
     # NOTE(review): error_message reaches the client through the response
     # builder; verify it cannot contain internal details.
     return (
         base_routes.make_server_error_response(error_message)
         if error_message
         else base_routes.make_OK_response()
     )
Пример #5
 def userbyemail(email):
     """Return the active user registered under ``email`` to that same user.

     The requester must be authenticated ("not authorized" otherwise) and its
     own ``email`` attribute must equal the requested one ("forbidden"
     otherwise). When no active user has the address the answer is "not
     found"; when several do, the condition is logged as an error and the
     first row is returned.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     # Exact string comparison: a caller may only look up its own address.
     if requester.email != email:
         return base_routes.make_forbidden_response()

     # ``== True`` builds a SQL expression here, so it must not become ``is``.
     active_matches = store.session.query(User).filter(
         User.email == email, User.active == True).all()  # noqa: E712
     if len(active_matches) > 1:
         # Duplicate active accounts are a data-integrity problem; the request
         # is still served from the first row.
         logger.error('More than one active user with the same email - {}'.format(email))
     if not active_matches:
         return base_routes.make_not_found_response()
     return base_routes.make_single_response(requester, active_matches[0])
Пример #6
 def userbyemail(email):
     """Look up the active user for ``email`` on behalf of that user.

     Answers "not authorized" without a requesting user and "forbidden" when
     the requester's own email differs from ``email``. Otherwise the active
     users with that address are queried: none gives "not found", one or more
     gives a single-user response for the first row, and more than one is
     also logged as an error.
     """
     requester = get_requesting_user()
     if requester is None:
         response = base_routes.make_not_authorized_response()
     elif requester.email != email:
         # Self-lookup only: the path value must match the caller's address.
         response = base_routes.make_forbidden_response()
     else:
         # Comparison with True is a SQLAlchemy column expression, not a
         # Python truth test.
         criteria = (User.email == email, User.active == True)  # noqa: E712
         found = store.session.query(User).filter(*criteria).all()
         if len(found) > 1:
             logger.error(
                 'More than one active user with the same email - {}'.
                 format(email))
         user = found[0] if found else None
         response = (
             base_routes.make_not_found_response()
             if user is None
             else base_routes.make_single_response(requester, user)
         )
     return response
Пример #7
def endpoint(requester: User, user_id: int) -> Response:
    """ User Endpoint

    http:get:: /rest/users/<user_id:int>

    **Example request**:

    .. sourcecode:: http

       GET /rest/users/42?field=name&field=bio HTTP/1.1
       Host: app.communityshare.us
       Accept: application/json
       Authorization: Basic:username:password

    **Example response**:

    .. sourcecode:: http

       HTTP/1.1 200 OK
       Content-Type: application/json

       {
          "user": {
             "id": 42,
             "name": "Bob Smith",
             "bio": "On the weekends I polish copper mines.",
             "links": [ {
                "rel": "self",
                "href": "https://app.communityshare.us/rest/users/42"
             } ]
          }
       }

    The ``links`` list is merged into the ``user`` object, and its ``href``
    is the URL of the current request.

    When the user does not exist, or the requester may not see it, the same
    "not found" response is returned, so the two cases cannot be told apart.

    :param int user_id: id of user to fetch (path segment)
    :query list string field: additional fields to return, always returns user id, default returns all fields

    :statuscode 200: user successfully fetched
    :statuscode 400: invalid arguments passed in
    :statuscode 401: needs authentication

    """
    user_id = int_or(user_id, None)
    # An empty ``field`` list means "no selection": pass None rather than [].
    # NOTE(review): the field names come straight from the query string;
    # confirm that serialize() only honours fields the requester may read.
    fields = request.args.getlist('field') or None
    user = serialize(requester, get_user(user_id), fields=fields)

    # Whether a user exists must stay opaque to a requester who is not
    # allowed to see it, so a missing user and a hidden user both end in
    # the same "not found" response.
    if user is None:
        return make_not_found_response()

    self_link = {
        'rel': 'self',
        'href': request.url,
    }
    return jsonify({'user': {**user, 'links': [self_link]}})